-
漏洞信息 (24673)

source: http://www.securityfocus.com/bid/11363/info
Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account.
DUclassmate may allow unauthorized remote attackers to gain access to a computer.
DUclassified is reported prone to multiple SQL injection vulnerabilities.
SQL injection issues also affect DUforum.
DUclassified and DUforum are also reported vulnerable to various unspecified HTML injection vulnerabilities.
user= admin
password= ' or '1'='1

-
漏洞信息 (24674)

source: http://www.securityfocus.com/bid/11363/info
Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account.
DUclassmate may allow unauthorized remote attackers to gain access to a computer.
DUclassified is reported prone to multiple SQL injection vulnerabilities.
SQL injection issues also affect DUforum.
DUclassified and DUforum are also reported vulnerable to various unspecified HTML injection vulnerabilities.
http://www.example.com/DUforum/messages.asp?FOR_ID=1;[SQL INJECT]

-
漏洞信息 (24675)

source: http://www.securityfocus.com/bid/11363/info
Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account.
DUclassmate may allow unauthorized remote attackers to gain access to a computer.
DUclassified is reported prone to multiple SQL injection vulnerabilities.
SQL injection issues also affect DUforum.
DUclassified and DUforum are also reported vulnerable to various unspecified HTML injection vulnerabilities.
http://www.example.com/DUforum/messageDetail.asp?MSG_ID=1;[SQL INJECT]

-
漏洞描述

DUforum contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the password in the login form is not verified properly and will allow an attacker to inject or manipulate SQL queries.

-
时间线

公开日期:
2004-10-11

发现日期:
2004-10-09

利用日期:2004-10-11

解决日期:Unknow

-
解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.